Why PCI Compliance is Not Enough Security

Why PCI Compliance is Not Enough Security

There’s a ferry near eMazzanti’s office in Hoboken that takes commuters to mid-town Manhattan in less than 10 minutes. Because of experience and safety regulations, passengers feel confident that they will complete the journey.

Like ferry safety regulations, PCI compliance is the retail industry’s standard for safeguarding customers’ credit card information. But is it enough security to protect everyone?

Not Enough Lifeboats

The Titanic was compliant. Yet, half of the passengers lost their lives because there weren’t enough lifeboats. Remarkably, the White Star Line, the operator of the ship, actually provided more lifeboat capacity than was required by the current laws.

The problem was that the lifeboat regulations in 1912, which had not changed since 1894, didn’t account for larger ships. When the regulations were written, the largest passenger ship under consideration was less than one quarter of the weight of the Titanic.

PCI is Not Watertight Security

Target, a retail titan, was hit with a massive data breach just two months after being certified as PCI compliant. Clearly, PCI compliance does not guarantee watertight data security. It may provide some protection from liability, but unfortunately it also gives executives a false sense of security.

Retail data security threats continue to increase. PCI compliance cannot guarantee that a business will not suffer a loss of data or loss of business from a data security breach.

Data thieves are organized and well-funded experts that uncover and exploit vulnerabilities in networks and software. Standards bodies take years to develop new standards, making the standards incomplete or even obsolete when they are issued.

Wireless Security Weakness

A growing point of weakness in retail data security is their wireless networks. Almost a necessity, wireless networks provide the kind of omni-channel experience current shoppers expect. Our firm has a close relationship with a company that provides outstanding small business wireless network security technology.

WatchGuard Technologies data security solutions are the first to allow users to deploy and manage both wired and wireless network security through a single appliance in a single view. One of their red boxes will do a good job of beefing up your wireless security.

Trust the Engineers

Leading up to the Titanic tragedy, executives overruled the engineers who had recommended more lifeboats. What can retailers do to protect their customers’ and company sensitive information? Your best approach is to partner with an IT security expert who can assess your current vulnerabilities and update your protection beyond PCI compliance.

Download PDF